Active Directory Outline
Essay by 24 • October 5, 2010 • 2,835 Words (12 Pages) • 2,568 Views
Active Directory is the flagship component of Windows 2000 Server and Advanced Server
* From logon to application installation
* Definition of Directory
* Directories have been around since the 1960s
* Current examples are:
* Domain Name System (DNS)
* Windows Internet Name Service (WINS)
* Novell Directory Services (NDS)
* A database used to store and organize data
What is a Directory Service?
* A stored collection of information about defined objects that are related to each other in some way
* Telephone directory - stores names of entities and telephone numbers
* In a modern computing environment many objects need to be located and used:
* Servers
* Printers
* Fax Servers
* Databases
* Admins and users must be able to locate and use these objects
* A directory service stores all the information needed to use and manage these objects centrally
* Provides the means of storing the information AND the services making this information available to users
* It is the main switchboard and central authority of your network operating system that:
o Manages the identities
o Controls the relationships (access) between resources
* Because of this it must be tightly coupled with the OS's management and security mechanisms to be effective.
* Allows the definition and maintenance of the network infrastructure
* Allowing system admin
* Control the user experience
Why Have a Directory Service?
* A simplified and centralized means of organizing and administering access to resources of a network
* NT4 Domains, flat and very limited
* Users only need to know attributes of an object to find something (provided they were added!)
* Is an administrative and end user tool
* Other Functions
* Enforce security
* Distributes a Directory across many computers in the Network
* Replicate information to make it available and resist failure
* Partitioning allows multiple stores across a network, which accommodates larger amounts of data and provides more space
Simplified Administration
* Resources organized hierarchically in Domains
* A Domain has one or more linked Domain Controllers
* A change made to one DC is made to all DCs in the Domain
* A single point of admin for all objects in the network
Scalability
* Directory can be broken into sections to allow for a large number of objects
* Can easily be expanded (or contracted)
Open Standards Support
* Uses DNS for its name system
* Integrates the internet concept of a name space
* Allows you to unify and manage multiple name spaces that (if they) already exist
* Can exchange information with any app or directory that uses LDAP or HTTP
DNS
* W2K (Active Directory) domain names are DNS names
* Dynamic DNS allows auto update of DNS table
Support for LDAP and HTTP
* LDAP
* Version of the X.500 directory access protocol
* AD supports LDAP 2 and 3
* HTTP support can display every object in a web browser
Support Standard Name Formats
* RFC 822
* Someone@Domain
* HTTP Uniform Resource Locator (URL)
* http://domain/path-to-page
* Universal Naming Convention (UNC)
* \\domain\foldername\file.doc
* LDAP URL
* LDAP://server.domain.com/CN=firstname, OU=admin, OU=Division, DC=services
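The LDAP URL format above packs a server name and a distinguished name (DN) into one string. The following added example (not part of the original outline) splits such a URL into its host and DN components and derives the DNS domain from the DC parts, including the case where a value contains an escaped comma. The function names and the second, constructed DN are assumptions for illustration; values are returned in their escaped form.

```python
from urllib.parse import urlsplit, unquote

def split_dn(dn):
    """Split a distinguished name into (attribute, value) pairs.

    A backslash escapes the next character (RFC 4514), so an escaped
    comma inside a value does not end the component.
    """
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def parse_ldap_url(url):
    """Return (host, rdns, dns_domain) for an LDAP URL."""
    u = urlsplit(url)
    if u.scheme.lower() != "ldap":
        raise ValueError("not an LDAP URL")
    rdns = split_dn(unquote(u.path.lstrip("/")))
    # The DC components, read left to right, spell the DNS domain name.
    dns_domain = ".".join(value for attr, value in rdns if attr == "DC")
    return u.hostname, rdns, dns_domain

if __name__ == "__main__":
    # URL taken from the outline above.
    print(parse_ldap_url(
        "LDAP://server.domain.com/CN=firstname, OU=admin, OU=Division, DC=services"))
    # Constructed DN with an escaped comma inside the CN value.
    print(split_dn(r"CN=Smith\, Jane,OU=admin,DC=example,DC=com"))
```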
Directories must address four business principles:
* Cost
o Business decisions are based on return on investment and expected result at a given cost
o Perceived value must outweigh the actual costs
* Security
o "Money is Power" has changed to "Information is Power"
o Information includes competitive and proprietary data
o This information must be secure
* Reliability
o Uptime is the key word in business networks
o If the information is not available...it is of no value
* Performance
o Good network design can produce results
o Bad design impacts the ability to perform
Before Directories
* Network operating systems
...
...